Hi!
I would like to be able to strip off any and all VLAN tags for packets received on my sniffer NIC.
I simply want the 802.1q header (4 bytes) removed. Untagged packets should be passed through without modification.
I *know* this will mix packets from different VLANs, which is normally forbidden, but in this case I'm only going to sniff them, not bridge, route or process them in any other way. In fact, I always use the option 'monitor' on my sniffer NICs.
Q1.
Is there a way to do this stripping in hardware (for maximum performance)? I see that ifconfig with option '-vlanhwtag' at least can deal with adding/stripping tags, so perhaps there is a way to do what I want in hardware? (I usually run 'bge' or 'em' NICs).
Q2.
...or is there some kind of kernel module that accomplishes the above by creating a virtual NIC, just like the 'vlan' module does, but that strips off *any* VLAN tag?
My current workarounds:
If the traffic to the sniffer NIC consists of 100% tagged packets from multiple VLANs, I can manually create a virtual 'vlan'-NIC for each VLAN-id and then 'bridge' them all together. This results in 100% untagged and mixed packets on bridge0, just as I want. Problem solved, but with some performance loss (and every time a new VLAN is added, I manually have to remember to create and add the same to my bridge0).
A bigger problem is if the sniffer NIC receives both tagged and untagged packets, like when a port aggregator tap mirrors a trunk with both tagged VLANs and an untagged one (quite a common setup).
Then I can't include the untagged packets seen directly on the sniffer NIC in my virtual bridge0. (Adding the parent NIC to bridge0 would make me see the tagged packets again as well as an untagged copy of the same.)
Why do I ask this in the Development forum? Well, if there are no answers or solutions to the above, I wonder how hard it would be to steal the 'vlan' kernel module source code and transform it into a 'no_dot1q' kernel module?
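The per-frame operation the post describes, written as a userspace C sketch that could run over captured frames; this is an added example, not part of the original post and not FreeBSD kernel code. The function name `strip_vlan_tags` is hypothetical, the sample frame is constructed, and treating TPID 0x88a8 (802.1ad stacked tags) as a tag goes beyond the plain 802.1Q case the post names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_ADDRS_LEN 12u      /* destination MAC + source MAC */
#define VLAN_TAG_LEN   4u      /* TPID (2 bytes) + TCI (2 bytes) */
#define TPID_8021Q  0x8100u    /* customer tag */
#define TPID_8021AD 0x88a8u    /* service tag, outer tag of QinQ */

/* Hypothetical helper: remove every leading VLAN tag in place and return the
 * new length. Untagged frames, and frames too short to hold a whole tag plus
 * the inner EtherType, come back unchanged. */
size_t strip_vlan_tags(uint8_t *frame, size_t len)
{
    size_t tags = 0;

    /* Walk stacked tags; each step needs the tag plus a 2-byte EtherType. */
    while (len >= ETH_ADDRS_LEN + (tags + 1) * VLAN_TAG_LEN + 2) {
        const uint8_t *p = frame + ETH_ADDRS_LEN + tags * VLAN_TAG_LEN;
        unsigned tpid = ((unsigned)p[0] << 8) | p[1];
        if (tpid != TPID_8021Q && tpid != TPID_8021AD)
            break;
        tags++;
    }
    if (tags == 0)
        return len;

    /* Slide the inner EtherType and payload up against the MAC addresses. */
    size_t cut = tags * VLAN_TAG_LEN;
    memmove(frame + ETH_ADDRS_LEN, frame + ETH_ADDRS_LEN + cut,
            len - ETH_ADDRS_LEN - cut);
    return len - cut;
}

int main(void)
{
    /* Constructed sample: VLAN 100 tag in front of an IPv4 EtherType. */
    uint8_t f[] = { 1,1,1,1,1,1, 2,2,2,2,2,2, 0x81,0x00, 0x00,0x64,
                    0x08,0x00, 0xde,0xad,0xbe,0xef };
    size_t n = strip_vlan_tags(f, sizeof f);
    printf("%zu -> %zu bytes, EtherType %02x%02x\n", sizeof f, n, f[12], f[13]);
    return 0;
}
```

The VLAN ID in the TCI is discarded along with the tag, so once frames pass through this function the capture no longer records which VLAN a packet came from.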